刚在 V2EX 上看到，有人利用沃通证书签发系统的漏洞，成功签出了一张 GitHub 主域名的证书。https://crt.sh/?id=29647048Certificate: Data: Version: 3 (0x2) Serial Number: 5d:8f:2b:91:ef:b8:dd:65:af:4c:c1:2b:15:ef:4b:6e Signature Algorithm: sha256WithRSAEncryption Issuer: commonName = WoSign CA Free SSL Certificate G2 organizationName = WoSign CA Limited countryName = CN Validity Not Before: Jun 10 05:42:44 2015 GMT Not After : Jun 10 06:03:35 2018 GMT Subject: commonName = schrauger.github.io Subject Public Key Info: Public Key Algorithm: rsaEncryption Public-Key: (2048 bit)...